Xen

Xen

491 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.37%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path...

  • EPSS 0.42%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via ...

  • EPSS 0.38%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally...

  • EPSS 0.43%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allow...

  • EPSS 0.42%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary c...

  • EPSS 0.43%
  • Veröffentlicht 23.11.2012 20:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:41

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial ...

  • EPSS 0.44%
  • Veröffentlicht 23.11.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:43:20

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserve...

  • EPSS 0.44%
  • Veröffentlicht 23.11.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:43:20

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allow...

  • EPSS 0.42%
  • Veröffentlicht 23.11.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:43:20

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as...

  • EPSS 0.4%
  • Veröffentlicht 23.11.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:43:20

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer d...